
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2011-09-13 | CVE-2009-5101 | Information Exposure vulnerability in Pentaho BI Server 1.2.0/1.6.0 | Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic. | network, low complexity, pentaho, CWE-200, 5.0 |
| 2011-09-13 | CVE-2009-5100 | Information Exposure vulnerability in Pentaho BI Server 1.2.0/1.6.0 | Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password. | local, low complexity, pentaho, CWE-200, 2.1 |
| 2011-09-13 | CVE-2009-5099 | Cross-Site Scripting vulnerability in Pentaho BI Server 1.2.0/1.6.0 | Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter. | network, pentaho, CWE-79, 4.3 |